Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirecting Search Engine Virus and "GAC_32\Desktop.ini"


  • This topic is locked This topic is locked
31 replies to this topic

#1 dgamm562

dgamm562

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 18 July 2012 - 12:55 AM

Hello!

This topic is being carried over from my previous one.

I am using Window 7 64-bit OS and Firefox.

Recently(in the past 3 weeks), when I start up my computer, the icons on my desktop have been moved to the left side of the screen from there original place. I would move the icons back to their original corners but they move back to the left side after I shut down and start up or restart.

When I search with Google or Yahoo!, and click a link I am redirected to a advertisement site instead of the link I intended to visit. I performed Malware Bytes and Spybot Search and Destroy scans but, nothing was found. Then I noticed that my Avast! was unsecured and after fixing that and performing a full scan it found 11 threats. According to the file names they were located on my C drive in the "Windows" folder then "assembly" and "Installer" folders. Here's a screenshot of my Avast! Scan results.

Posted Image

I haven't deleted them because, after reading some previous threads on this site, that doesn't look like the absolute way to get rid of them. I would like to know how to exterminate them for good.

Thank you for you help! I will appreciate it.:)

DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Dominique Gammage at 18:41:49 on 2012-07-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3037.1509 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\V0500Mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\WUDFHost.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [V0500Mon.exe] C:\Windows\V0500Mon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{02729678-0195-47DD-A182-EA20917137C4} : DhcpNameServer = 192.168.1.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [V0500Mon.exe] C:\Windows\V0500Mon.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dominique Gammage\AppData\Roaming\Mozilla\Firefox\Profiles\jl5imaud.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.blogger.com/home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Dominique Gammage\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Dominique Gammage\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-17 40384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-2-23 103440]
R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\system32\Wacom_Tablet.exe --> C:\Windows\system32\Wacom_Tablet.exe [?]
R3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 V0500Dev;Dynex 1.3MP Webcam Driver;C:\Windows\system32\DRIVERS\V0500Vid.sys --> C:\Windows\system32\DRIVERS\V0500Vid.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-3-7 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-7-28 1436424]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-13 18:09:33 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-11 06:37:03 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-10 17:50:58 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-10 03:44:30 -------- d-----w- C:\Users\Dominique Gammage\AppData\Local\{A9867EEB-D159-42EE-8169-C293E9CE008D}
2012-07-10 03:44:16 -------- d-----w- C:\Users\Dominique Gammage\AppData\Local\{51C55221-7064-4F16-9C37-1A9918D79896}
2012-07-06 21:52:46 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0321B234-B5C4-43F3-9904-34D16B26A341}\mpengine.dll
2012-07-04 16:23:21 -------- d-----w- C:\Users\Dominique Gammage\AppData\Local\{A7818C7F-962C-4CA8-8652-1989ABA374D8}
2012-07-04 16:23:09 -------- d-----w- C:\Users\Dominique Gammage\AppData\Local\{FC306F95-419B-4E54-A7A5-B0B65DCC6803}
2012-07-04 15:59:05 -------- d-----w- C:\Windows\en
2012-07-04 15:55:38 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-07-04 15:52:11 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f89f03291cd59fc02\MeshBetaRemover.exe
2012-07-04 15:52:09 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f84e49ea1cd59fc01\DSETUP.dll
2012-07-04 15:52:09 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f84e49ea1cd59fc01\DXSETUP.exe
2012-07-04 15:52:09 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f84e49ea1cd59fc01\dsetup32.dll
2012-07-04 15:50:44 -------- d-----w- C:\Users\Dominique Gammage\AppData\Local\{CABA80D5-2AAF-4681-B4CB-1CB6BB627567}
2012-07-04 15:49:49 -------- d-----w- C:\Users\Dominique Gammage\AppData\Local\{F8235E41-4795-4958-8052-B161BED41918}
2012-06-27 00:10:01 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-27 00:10:01 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-17 16:46:56 -------- d-----w- C:\Users\Dominique Gammage\AppData\Roaming\WTablet
.
==================== Find3M ====================
.
2012-07-12 05:33:41 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 05:33:41 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2009-05-15 05:15:24 5719400 ----a-w- C:\Program Files\Common Files\adlmint_libFNP.dll
2009-05-15 05:15:24 4397928 ----a-w- C:\Program Files\Common Files\adlmint.dll
.
============= FINISH: 18:43:28.34 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:10 AM

Posted 18 July 2012 - 01:04 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 dgamm562

dgamm562
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 18 July 2012 - 01:08 PM

Hello Bleepin Gringo,

Thank you for your time with helping me exterminate the issues on my computer. I really appreciate it. :)

I was able to complete a few of your steps. After I performed the "Security Check" and got a log which I will paste at the bottom of this post. Then I worked on disabling my Windows 7 Firewall, Windows Defender, Avast! Antivirus, Spybot S&D, and MBAM before running ComboFix. I'm having problems disabling, my Windows 7 Firewall and Defender, Spybot S&D and MBAM. I was able to disable Avast!.

I followed the instructions from here and here to disable my Windows 7 firewall and Defender. I could only follow up to step 4. At step five, I have a error that pops up. Are these programs already down?

Posted Image
Posted Image

I followed the instruction here to disable my Spybot S&D. I had to stop at step 5 ("Uncheck the "TeaTimer" box and "OK" any prompts.") because I didn't see the Tea Timer box.

Posted Image

This is to double check but, for MBAM the problem I ran into while following these directions was I could not find the "uncheck Start with Windows under General Settings". Is this because my MBAM is not registered? Do I have to register, just double checking.

Posted Image

Here is my checkup log:
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
McAfee SiteAdvisor
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:10 AM

Posted 18 July 2012 - 01:21 PM

Ok disable as much as you can and then run combofix anyway



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 dgamm562

dgamm562
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 18 July 2012 - 06:19 PM

Hello Bleeping Gringo,

I performed the ComboFix twice but it did not produce a log on my desktop for me to post. Is it stored somewhere else, under a different name? My antivirus and anti-malware programs are still disabled. Would you like for me to perform CF again?

After I ran CF, I restarted my computer. There was no prompt for me to restart. I assumed it would help with finding the log. I haven't found it. During the restart of my computer, the "Shutting Down..." and "Welcome" screens were loading slower than before. When my desktop appeared, my icons remained in their original places. Before using CF, they would shift to the left side of the screen. Also the Windows Defender is back on. :)

Posted Image

But, I still can not turn on my Windows Firewall. I continue to recieve the same error message as before.

Posted Image
Posted Image

Thank you for your very speedy help!

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:10 AM

Posted 18 July 2012 - 09:37 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
Gringo[/b]
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 dgamm562

dgamm562
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 19 July 2012 - 11:43 AM

Hello Gringo,

I've put the Farbar Recovery Scan tool on to a flash drive. Could you explain the "BIOS"? I've restarted my computer several times while tapping F8 and the "Adavance Boot Options" do not appear.

Thank you :)

Edited by dgamm562, 19 July 2012 - 11:45 AM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:10 AM

Posted 19 July 2012 - 04:05 PM

Hello

I would like to see if combofix made a report

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\ComboFix.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 dgamm562

dgamm562
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 19 July 2012 - 10:18 PM

Hello Gringo,

Posted Image

Hmmm, it did not find a ComboFix log. Should I run it again?

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:10 AM

Posted 19 July 2012 - 10:30 PM

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 dgamm562

dgamm562
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 20 July 2012 - 01:06 AM

ComboFix 12-07-18.04 - Dominique Gammage 07/19/2012 22:32:23.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3037.1555 [GMT -7:00]
Running from: c:\users\Dominique Gammage\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dominique Gammage\Documents\~WRL0003.tmp
c:\windows\Installer\{4a31a858-8b61-1a5a-7fa3-2ac4789276c0}\@
c:\windows\Installer\{4a31a858-8b61-1a5a-7fa3-2ac4789276c0}\L\00000004.@
c:\windows\Installer\{4a31a858-8b61-1a5a-7fa3-2ac4789276c0}\L\1afb2d56
c:\windows\Installer\{4a31a858-8b61-1a5a-7fa3-2ac4789276c0}\L\201d3dde
c:\windows\Installer\{4a31a858-8b61-1a5a-7fa3-2ac4789276c0}\n
c:\windows\Installer\{4a31a858-8b61-1a5a-7fa3-2ac4789276c0}\U\00000004.@
c:\windows\Installer\{4a31a858-8b61-1a5a-7fa3-2ac4789276c0}\U\00000008.@
c:\windows\Installer\{4a31a858-8b61-1a5a-7fa3-2ac4789276c0}\U\000000cb.@
c:\windows\Installer\{4a31a858-8b61-1a5a-7fa3-2ac4789276c0}\U\80000000.@
c:\windows\Installer\{4a31a858-8b61-1a5a-7fa3-2ac4789276c0}\U\80000032.@
c:\windows\Installer\{4a31a858-8b61-1a5a-7fa3-2ac4789276c0}\U\80000064.@
c:\windows\Installer\{4a31a858-8b61-1a5a-7fa3-2ac4789276c0}\U\trz21B6.tmp
c:\windows\Installer\{4a31a858-8b61-1a5a-7fa3-2ac4789276c0}\U\trz2511.tmp
c:\windows\Installer\{4a31a858-8b61-1a5a-7fa3-2ac4789276c0}\U\trzA20F.tmp
c:\windows\Installer\{4a31a858-8b61-1a5a-7fa3-2ac4789276c0}\U\trzBACF.tmp
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-20 05:51 . 2012-07-20 06:05 -------- d-----w- c:\programdata\Recovery
2012-07-20 05:44 . 2012-07-20 05:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-18 22:40 . 2012-07-18 22:40 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-13 18:09 . 2012-07-13 18:09 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-11 06:37 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 17:50 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-04 15:59 . 2012-07-04 15:59 -------- d-----w- c:\windows\en
2012-07-04 15:55 . 2012-03-09 01:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-07-04 15:52 . 2012-07-04 15:52 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f89f03291cd59fc02\MeshBetaRemover.exe
2012-07-04 15:52 . 2012-07-04 15:52 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f84e49ea1cd59fc01\DSETUP.dll
2012-07-04 15:52 . 2012-07-04 15:52 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f84e49ea1cd59fc01\DXSETUP.exe
2012-07-04 15:52 . 2012-07-04 15:52 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f84e49ea1cd59fc01\dsetup32.dll
2012-06-27 00:10 . 2012-06-27 00:10 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-27 00:10 . 2012-06-27 00:10 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-18 22:40 . 2010-07-15 14:05 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-12 05:33 . 2012-04-10 00:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 05:33 . 2011-05-25 01:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 06:34 . 2010-03-25 16:39 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-29 10:04 . 2012-07-18 22:55 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6C4F7C3-8EDF-4293-84BA-15DBF948223C}\mpengine.dll
2012-06-02 22:19 . 2012-06-08 22:44 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 22:44 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-08 22:44 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 22:44 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 22:43 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-08 22:44 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-08 22:44 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-08 22:43 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-08 22:44 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2010-05-22 16:29 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-29 18:55 . 2012-05-29 18:55 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-04 11:06 . 2012-06-12 20:40 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 20:40 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 20:40 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 20:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-12 20:40 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-12 20:40 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-12 20:40 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-12 20:40 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-12 20:40 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-12 20:40 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-12 20:40 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-12 20:40 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-12 20:40 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-12 20:40 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2009-05-15 05:15 . 2009-05-15 05:15 5719400 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-05-15 05:15 . 2009-05-15 05:15 4397928 ----a-w- c:\program files\Common Files\adlmint.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-19 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"V0500Mon.exe"="c:\windows\V0500Mon.exe" [2007-11-03 32768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-07-28 1436424]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-27 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\DRIVERS\V0500Vid.sys [2007-11-01 292064]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 18216]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1255736]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-28 828912]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSP;aswSP; [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-06-15 103472]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-03-09 6245744]
S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [2009-06-02 438784]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 05:33]
.
2012-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 365592]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Dominique Gammage\AppData\Roaming\Mozilla\Firefox\Profiles\jl5imaud.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.blogger.com/home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-OM2_Monitor - c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
Wow6432Node-HKLM-Run-OM2_Monitor - c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1262397680-3773611420-4059528507-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1262397680-3773611420-4059528507-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-07-19 22:53:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-20 05:53
.
Pre-Run: 166,846,824,448 bytes free
Post-Run: 167,182,405,632 bytes free
.
- - End Of File - - AC7D19B035B42C1CA33D0AC0BD168B1F

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:10 AM

Posted 20 July 2012 - 02:04 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 dgamm562

dgamm562
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 20 July 2012 - 01:57 PM

TDSSKiller Log

11:50:24.0933 4808 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
11:50:25.0495 4808 ============================================================
11:50:25.0495 4808 Current date / time: 2012/07/20 11:50:25.0495
11:50:25.0495 4808 SystemInfo:
11:50:25.0495 4808
11:50:25.0495 4808 OS Version: 6.1.7601 ServicePack: 1.0
11:50:25.0495 4808 Product type: Workstation
11:50:25.0495 4808 ComputerName: DGAMM562
11:50:25.0495 4808 UserName: Dominique Gammage
11:50:25.0495 4808 Windows directory: C:\Windows
11:50:25.0495 4808 System windows directory: C:\Windows
11:50:25.0495 4808 Running under WOW64
11:50:25.0495 4808 Processor architecture: Intel x64
11:50:25.0495 4808 Number of processors: 2
11:50:25.0495 4808 Page size: 0x1000
11:50:25.0495 4808 Boot type: Normal boot
11:50:25.0495 4808 ============================================================
11:50:26.0353 4808 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:50:26.0353 4808 ============================================================
11:50:26.0353 4808 \Device\Harddisk0\DR0:
11:50:26.0353 4808 MBR partitions:
11:50:26.0353 4808 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:50:26.0353 4808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23E74800
11:50:26.0353 4808 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23EA7000, BlocksNum 0x1587000
11:50:26.0353 4808 ============================================================
11:50:26.0369 4808 C: <-> \Device\Harddisk0\DR0\Partition1
11:50:26.0415 4808 D: <-> \Device\Harddisk0\DR0\Partition2
11:50:26.0415 4808 ============================================================
11:50:26.0415 4808 Initialize success
11:50:26.0415 4808 ============================================================
11:52:15.0687 1772 ============================================================
11:52:15.0687 1772 Scan started
11:52:15.0687 1772 Mode: Manual;
11:52:15.0687 1772 ============================================================
11:52:20.0414 1772 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:52:20.0414 1772 1394ohci - ok
11:52:20.0679 1772 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:52:20.0679 1772 ACPI - ok
11:52:20.0757 1772 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:52:20.0757 1772 AcpiPmi - ok
11:52:21.0054 1772 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
11:52:21.0069 1772 adfs - ok
11:52:21.0381 1772 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:52:21.0381 1772 AdobeARMservice - ok
11:52:21.0865 1772 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:52:21.0881 1772 AdobeFlashPlayerUpdateSvc - ok
11:52:22.0037 1772 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:52:22.0068 1772 adp94xx - ok
11:52:22.0115 1772 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:52:22.0130 1772 adpahci - ok
11:52:22.0130 1772 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:52:22.0146 1772 adpu320 - ok
11:52:22.0177 1772 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:52:22.0177 1772 AeLookupSvc - ok
11:52:22.0286 1772 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:52:22.0302 1772 AFD - ok
11:52:22.0364 1772 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:52:22.0364 1772 agp440 - ok
11:52:22.0863 1772 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
11:52:22.0863 1772 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
11:52:22.0863 1772 Akamai ( HiddenFile.Multi.Generic ) - warning
11:52:22.0863 1772 Akamai - detected HiddenFile.Multi.Generic (1)
11:52:23.0222 1772 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:52:23.0222 1772 ALG - ok
11:52:23.0300 1772 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:52:23.0300 1772 aliide - ok
11:52:23.0331 1772 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:52:23.0331 1772 amdide - ok
11:52:23.0378 1772 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:52:23.0394 1772 AmdK8 - ok
11:52:23.0409 1772 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:52:23.0409 1772 AmdPPM - ok
11:52:23.0534 1772 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:52:23.0534 1772 amdsata - ok
11:52:23.0581 1772 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:52:23.0581 1772 amdsbs - ok
11:52:23.0628 1772 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:52:23.0628 1772 amdxata - ok
11:52:23.0753 1772 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:52:23.0753 1772 AppID - ok
11:52:23.0815 1772 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:52:23.0815 1772 AppIDSvc - ok
11:52:23.0877 1772 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:52:23.0877 1772 Appinfo - ok
11:52:24.0049 1772 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:52:24.0049 1772 Apple Mobile Device - ok
11:52:24.0096 1772 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:52:24.0096 1772 arc - ok
11:52:24.0111 1772 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:52:24.0111 1772 arcsas - ok
11:52:24.0158 1772 aswFsBlk (6923740db573b46fdda13e1df412c577) C:\Windows\system32\drivers\aswFsBlk.sys
11:52:24.0158 1772 aswFsBlk - ok
11:52:24.0205 1772 aswMonFlt (de001b988b58bfd453f667842655b22e) C:\Windows\system32\drivers\aswMonFlt.sys
11:52:24.0205 1772 aswMonFlt - ok
11:52:24.0205 1772 aswRdr (e0d1002d7fa65dd023788b17f714e682) C:\Windows\system32\drivers\aswRdr.sys
11:52:24.0205 1772 aswRdr - ok
11:52:24.0236 1772 aswSP (c3eafdc0f533425614430a112ba71e9a) C:\Windows\system32\drivers\aswSP.sys
11:52:24.0236 1772 aswSP - ok
11:52:24.0236 1772 aswTdi (0226ffbc420d8fb67ba3b9dbdd1f2dca) C:\Windows\system32\drivers\aswTdi.sys
11:52:24.0236 1772 aswTdi - ok
11:52:24.0267 1772 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:52:24.0267 1772 AsyncMac - ok
11:52:24.0299 1772 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:52:24.0299 1772 atapi - ok
11:52:24.0408 1772 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:52:24.0408 1772 AudioEndpointBuilder - ok
11:52:24.0423 1772 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:52:24.0423 1772 AudioSrv - ok
11:52:24.0626 1772 avast! Antivirus (25fb74eabce5ec7836ba3cfb3c58449a) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
11:52:24.0626 1772 avast! Antivirus - ok
11:52:24.0735 1772 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:52:24.0735 1772 AxInstSV - ok
11:52:24.0782 1772 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:52:24.0798 1772 b06bdrv - ok
11:52:24.0829 1772 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:52:24.0829 1772 b57nd60a - ok
11:52:24.0860 1772 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:52:24.0860 1772 BDESVC - ok
11:52:24.0891 1772 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:52:24.0891 1772 Beep - ok
11:52:25.0203 1772 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:52:25.0219 1772 BFE - ok
11:52:25.0281 1772 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
11:52:25.0328 1772 BITS - ok
11:52:25.0484 1772 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:52:25.0484 1772 blbdrive - ok
11:52:25.0859 1772 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:52:25.0874 1772 Bonjour Service - ok
11:52:25.0921 1772 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:52:25.0921 1772 bowser - ok
11:52:25.0952 1772 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:52:25.0952 1772 BrFiltLo - ok
11:52:25.0968 1772 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:52:25.0968 1772 BrFiltUp - ok
11:52:25.0968 1772 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:52:25.0968 1772 BridgeMP - ok
11:52:26.0249 1772 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:52:26.0264 1772 Browser - ok
11:52:26.0295 1772 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:52:26.0295 1772 Brserid - ok
11:52:26.0311 1772 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:52:26.0311 1772 BrSerWdm - ok
11:52:26.0327 1772 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:52:26.0327 1772 BrUsbMdm - ok
11:52:26.0327 1772 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:52:26.0327 1772 BrUsbSer - ok
11:52:26.0342 1772 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:52:26.0342 1772 BTHMODEM - ok
11:52:26.0358 1772 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:52:26.0358 1772 bthserv - ok
11:52:26.0389 1772 catchme - ok
11:52:26.0405 1772 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:52:26.0405 1772 cdfs - ok
11:52:26.0654 1772 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:52:26.0654 1772 cdrom - ok
11:52:26.0701 1772 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:52:26.0701 1772 CertPropSvc - ok
11:52:26.0763 1772 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:52:26.0763 1772 circlass - ok
11:52:26.0795 1772 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:52:26.0826 1772 CLFS - ok
11:52:26.0873 1772 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:52:26.0888 1772 clr_optimization_v2.0.50727_32 - ok
11:52:26.0935 1772 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:52:26.0935 1772 clr_optimization_v2.0.50727_64 - ok
11:52:27.0107 1772 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:52:27.0122 1772 clr_optimization_v4.0.30319_32 - ok
11:52:27.0216 1772 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:52:27.0216 1772 clr_optimization_v4.0.30319_64 - ok
11:52:27.0247 1772 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:52:27.0247 1772 CmBatt - ok
11:52:27.0309 1772 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:52:27.0325 1772 cmdide - ok
11:52:27.0356 1772 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
11:52:27.0372 1772 CNG - ok
11:52:27.0419 1772 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:52:27.0419 1772 Compbatt - ok
11:52:27.0591 1772 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:52:27.0591 1772 CompositeBus - ok
11:52:27.0607 1772 COMSysApp - ok
11:52:27.0638 1772 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:52:27.0638 1772 crcdisk - ok
11:52:27.0763 1772 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
11:52:27.0763 1772 CryptSvc - ok
11:52:27.0841 1772 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:52:27.0841 1772 DcomLaunch - ok
11:52:27.0872 1772 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:52:27.0872 1772 defragsvc - ok
11:52:27.0934 1772 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:52:27.0934 1772 DfsC - ok
11:52:28.0059 1772 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:52:28.0059 1772 Dhcp - ok
11:52:28.0106 1772 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:52:28.0106 1772 discache - ok
11:52:28.0137 1772 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:52:28.0137 1772 Disk - ok
11:52:28.0184 1772 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:52:28.0184 1772 Dnscache - ok
11:52:28.0387 1772 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:52:28.0387 1772 dot3svc - ok
11:52:28.0527 1772 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
11:52:28.0543 1772 Dot4 - ok
11:52:28.0605 1772 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
11:52:28.0605 1772 Dot4Print - ok
11:52:28.0621 1772 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
11:52:28.0621 1772 dot4usb - ok
11:52:28.0683 1772 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:52:28.0683 1772 DPS - ok
11:52:28.0714 1772 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:52:28.0714 1772 drmkaud - ok
11:52:28.0870 1772 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:52:28.0886 1772 DXGKrnl - ok
11:52:28.0917 1772 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:52:28.0917 1772 EapHost - ok
11:52:29.0182 1772 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:52:29.0245 1772 ebdrv - ok
11:52:29.0526 1772 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:52:29.0526 1772 EFS - ok
11:52:29.0744 1772 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:52:29.0760 1772 ehRecvr - ok
11:52:29.0791 1772 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:52:29.0791 1772 ehSched - ok
11:52:29.0853 1772 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:52:29.0869 1772 elxstor - ok
11:52:29.0947 1772 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:52:29.0962 1772 ErrDev - ok
11:52:30.0415 1772 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:52:30.0415 1772 EventSystem - ok
11:52:30.0446 1772 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:52:30.0446 1772 exfat - ok
11:52:30.0462 1772 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:52:30.0462 1772 fastfat - ok
11:52:30.0555 1772 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:52:30.0555 1772 Fax - ok
11:52:30.0571 1772 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:52:30.0571 1772 fdc - ok
11:52:30.0586 1772 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:52:30.0602 1772 fdPHost - ok
11:52:30.0602 1772 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:52:30.0602 1772 FDResPub - ok
11:52:30.0633 1772 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:52:30.0633 1772 FileInfo - ok
11:52:30.0649 1772 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:52:30.0649 1772 Filetrace - ok
11:52:31.0086 1772 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:52:31.0117 1772 FLEXnet Licensing Service - ok
11:52:31.0366 1772 FLEXnet Licensing Service 64 (a4297244d4f817278a6ae45b1899ca9c) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
11:52:31.0398 1772 FLEXnet Licensing Service 64 - ok
11:52:31.0756 1772 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:52:31.0772 1772 flpydisk - ok
11:52:32.0053 1772 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:52:32.0053 1772 FltMgr - ok
11:52:32.0209 1772 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:52:32.0224 1772 FontCache - ok
11:52:32.0318 1772 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:52:32.0318 1772 FontCache3.0.0.0 - ok
11:52:32.0458 1772 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:52:32.0458 1772 FsDepends - ok
11:52:32.0505 1772 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
11:52:32.0505 1772 fssfltr - ok
11:52:33.0285 1772 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
11:52:33.0332 1772 fsssvc - ok
11:52:33.0940 1772 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:52:33.0956 1772 Fs_Rec - ok
11:52:34.0081 1772 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:52:34.0081 1772 fvevol - ok
11:52:34.0128 1772 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:52:34.0128 1772 gagp30kx - ok
11:52:34.0252 1772 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
11:52:34.0252 1772 GameConsoleService - ok
11:52:34.0299 1772 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:52:34.0299 1772 GEARAspiWDM - ok
11:52:34.0705 1772 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:52:34.0736 1772 gpsvc - ok
11:52:34.0752 1772 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:52:34.0752 1772 hcw85cir - ok
11:52:34.0814 1772 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:52:34.0814 1772 HDAudBus - ok
11:52:34.0830 1772 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:52:34.0830 1772 HidBatt - ok
11:52:34.0845 1772 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:52:34.0845 1772 HidBth - ok
11:52:34.0861 1772 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:52:34.0861 1772 HidIr - ok
11:52:34.0908 1772 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:52:34.0908 1772 hidserv - ok
11:52:35.0001 1772 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:52:35.0001 1772 HidUsb - ok
11:52:35.0048 1772 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:52:35.0048 1772 hkmsvc - ok
11:52:35.0095 1772 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:52:35.0110 1772 HomeGroupListener - ok
11:52:35.0235 1772 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:52:35.0251 1772 HomeGroupProvider - ok
11:52:35.0438 1772 HP Health Check Service (00b239202f7756695c8ccdf8bafa7d3d) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
11:52:35.0438 1772 HP Health Check Service - ok
11:52:35.0812 1772 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
11:52:35.0812 1772 hpqcxs08 - ok
11:52:36.0062 1772 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
11:52:36.0062 1772 hpqddsvc - ok
11:52:36.0124 1772 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
11:52:36.0124 1772 hpqwmiex - ok
11:52:36.0296 1772 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:52:36.0312 1772 HpSAMD - ok
11:52:36.0374 1772 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:52:36.0374 1772 HTTP - ok
11:52:36.0436 1772 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:52:36.0436 1772 hwpolicy - ok
11:52:36.0499 1772 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:52:36.0499 1772 i8042prt - ok
11:52:36.0561 1772 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:52:36.0577 1772 iaStorV - ok
11:52:36.0655 1772 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:52:36.0686 1772 idsvc - ok
11:52:37.0934 1772 igfx (2d18c9e1f23970de32d78d3b1cdda0a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:52:38.0074 1772 igfx - ok
11:52:38.0168 1772 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:52:38.0184 1772 iirsp - ok
11:52:38.0293 1772 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:52:38.0308 1772 IKEEXT - ok
11:52:38.0464 1772 IntcAzAudAddService (ef75c94792187a143871fbb87611b0b7) C:\Windows\system32\drivers\RTKVHD64.sys
11:52:38.0527 1772 IntcAzAudAddService - ok
11:52:38.0714 1772 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:52:38.0715 1772 intelide - ok
11:52:38.0762 1772 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:52:38.0762 1772 intelppm - ok
11:52:39.0011 1772 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:52:39.0011 1772 IPBusEnum - ok
11:52:39.0043 1772 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:52:39.0043 1772 IpFilterDriver - ok
11:52:39.0261 1772 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:52:39.0261 1772 iphlpsvc - ok
11:52:39.0324 1772 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:52:39.0339 1772 IPMIDRV - ok
11:52:39.0370 1772 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:52:39.0370 1772 IPNAT - ok
11:52:39.0636 1772 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
11:52:39.0636 1772 iPod Service - ok
11:52:39.0682 1772 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:52:39.0682 1772 IRENUM - ok
11:52:39.0714 1772 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:52:39.0714 1772 isapnp - ok
11:52:39.0916 1772 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:52:39.0948 1772 iScsiPrt - ok
11:52:39.0994 1772 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:52:39.0994 1772 kbdclass - ok
11:52:40.0026 1772 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:52:40.0026 1772 kbdhid - ok
11:52:40.0197 1772 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:52:40.0197 1772 KeyIso - ok
11:52:40.0306 1772 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
11:52:40.0306 1772 KSecDD - ok
11:52:40.0338 1772 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
11:52:40.0353 1772 KSecPkg - ok
11:52:40.0369 1772 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:52:40.0369 1772 ksthunk - ok
11:52:40.0400 1772 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:52:40.0416 1772 KtmRm - ok
11:52:40.0728 1772 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
11:52:40.0728 1772 LanmanServer - ok
11:52:40.0790 1772 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:52:40.0790 1772 LanmanWorkstation - ok
11:52:41.0040 1772 LightScribeService (0ee66bdf485c6828aa65c0ef5d591133) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
11:52:41.0040 1772 LightScribeService - ok
11:52:41.0071 1772 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:52:41.0071 1772 lltdio - ok
11:52:41.0102 1772 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:52:41.0133 1772 lltdsvc - ok
11:52:41.0133 1772 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:52:41.0149 1772 lmhosts - ok
11:52:41.0180 1772 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:52:41.0180 1772 LSI_FC - ok
11:52:41.0196 1772 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:52:41.0211 1772 LSI_SAS - ok
11:52:41.0227 1772 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:52:41.0227 1772 LSI_SAS2 - ok
11:52:41.0242 1772 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:52:41.0258 1772 LSI_SCSI - ok
11:52:41.0274 1772 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:52:41.0274 1772 luafv - ok
11:52:41.0586 1772 McAfee SiteAdvisor Service (b891e3920f24ff1a3bead6cd2b42ed99) c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
11:52:41.0586 1772 McAfee SiteAdvisor Service - ok
11:52:41.0664 1772 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:52:41.0664 1772 Mcx2Svc - ok
11:52:41.0695 1772 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:52:41.0695 1772 megasas - ok
11:52:41.0710 1772 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:52:41.0726 1772 MegaSR - ok
11:52:41.0742 1772 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:52:41.0742 1772 MMCSS - ok
11:52:41.0757 1772 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:52:41.0757 1772 Modem - ok
11:52:41.0788 1772 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:52:41.0788 1772 monitor - ok
11:52:41.0851 1772 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:52:41.0851 1772 mouclass - ok
11:52:41.0882 1772 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:52:41.0882 1772 mouhid - ok
11:52:42.0178 1772 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:52:42.0210 1772 mountmgr - ok
11:52:42.0256 1772 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:52:42.0256 1772 MozillaMaintenance - ok
11:52:42.0319 1772 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:52:42.0334 1772 mpio - ok
11:52:42.0397 1772 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:52:42.0397 1772 mpsdrv - ok
11:52:42.0506 1772 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:52:42.0522 1772 MpsSvc - ok
11:52:42.0834 1772 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:52:42.0849 1772 MRxDAV - ok
11:52:42.0896 1772 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:52:42.0896 1772 mrxsmb - ok
11:52:42.0943 1772 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:52:42.0943 1772 mrxsmb10 - ok
11:52:42.0958 1772 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:52:42.0958 1772 mrxsmb20 - ok
11:52:43.0146 1772 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:52:43.0177 1772 msahci - ok
11:52:43.0208 1772 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:52:43.0208 1772 msdsm - ok
11:52:43.0239 1772 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:52:43.0239 1772 MSDTC - ok
11:52:43.0286 1772 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:52:43.0286 1772 Msfs - ok
11:52:43.0317 1772 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:52:43.0317 1772 mshidkmdf - ok
11:52:43.0333 1772 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:52:43.0333 1772 msisadrv - ok
11:52:43.0380 1772 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:52:43.0380 1772 MSiSCSI - ok
11:52:43.0380 1772 msiserver - ok
11:52:43.0411 1772 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:52:43.0411 1772 MSKSSRV - ok
11:52:43.0426 1772 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:52:43.0426 1772 MSPCLOCK - ok
11:52:43.0442 1772 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:52:43.0442 1772 MSPQM - ok
11:52:43.0770 1772 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:52:43.0770 1772 MsRPC - ok
11:52:43.0816 1772 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:52:43.0816 1772 mssmbios - ok
11:52:43.0848 1772 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:52:43.0848 1772 MSTEE - ok
11:52:43.0863 1772 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:52:43.0863 1772 MTConfig - ok
11:52:43.0894 1772 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:52:43.0894 1772 Mup - ok
11:52:44.0222 1772 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:52:44.0238 1772 napagent - ok
11:52:44.0284 1772 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:52:44.0284 1772 NativeWifiP - ok
11:52:44.0706 1772 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:52:44.0768 1772 NDIS - ok
11:52:44.0862 1772 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:52:44.0862 1772 NdisCap - ok
11:52:44.0877 1772 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:52:44.0877 1772 NdisTapi - ok
11:52:44.0940 1772 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:52:44.0940 1772 Ndisuio - ok
11:52:44.0986 1772 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:52:44.0986 1772 NdisWan - ok
11:52:45.0033 1772 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:52:45.0033 1772 NDProxy - ok
11:52:45.0127 1772 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
11:52:45.0127 1772 Net Driver HPZ12 - ok
11:52:45.0220 1772 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:52:45.0220 1772 NetBIOS - ok
11:52:45.0267 1772 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:52:45.0283 1772 NetBT - ok
11:52:45.0361 1772 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:52:45.0361 1772 Netlogon - ok
11:52:45.0408 1772 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:52:45.0423 1772 Netman - ok
11:52:45.0470 1772 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:52:45.0486 1772 netprofm - ok
11:52:45.0517 1772 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:52:45.0532 1772 NetTcpPortSharing - ok
11:52:45.0564 1772 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:52:45.0564 1772 nfrd960 - ok
11:52:45.0642 1772 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:52:45.0657 1772 NlaSvc - ok
11:52:45.0688 1772 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:52:45.0688 1772 Npfs - ok
11:52:45.0720 1772 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:52:45.0720 1772 nsi - ok
11:52:45.0735 1772 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:52:45.0735 1772 nsiproxy - ok
11:52:46.0827 1772 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:52:46.0890 1772 Ntfs - ok
11:52:47.0311 1772 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:52:47.0311 1772 Null - ok
11:52:47.0358 1772 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:52:47.0358 1772 nvraid - ok
11:52:47.0389 1772 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:52:47.0389 1772 nvstor - ok
11:52:47.0560 1772 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:52:47.0576 1772 nv_agp - ok
11:52:47.0748 1772 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:52:47.0763 1772 odserv - ok
11:52:47.0794 1772 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:52:47.0794 1772 ohci1394 - ok
11:52:47.0857 1772 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:52:47.0872 1772 ose - ok
11:52:47.0950 1772 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:52:47.0950 1772 p2pimsvc - ok
11:52:48.0013 1772 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:52:48.0013 1772 p2psvc - ok
11:52:48.0075 1772 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:52:48.0075 1772 Parport - ok
11:52:48.0169 1772 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:52:48.0169 1772 partmgr - ok
11:52:48.0216 1772 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:52:48.0231 1772 PcaSvc - ok
11:52:48.0294 1772 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:52:48.0294 1772 pci - ok
11:52:48.0294 1772 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:52:48.0325 1772 pciide - ok
11:52:48.0356 1772 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:52:48.0356 1772 pcmcia - ok
11:52:48.0372 1772 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:52:48.0372 1772 pcw - ok
11:52:48.0403 1772 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:52:48.0403 1772 PEAUTH - ok
11:52:48.0481 1772 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:52:48.0481 1772 PerfHost - ok
11:52:48.0933 1772 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:52:48.0964 1772 pla - ok
11:52:49.0027 1772 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:52:49.0027 1772 PlugPlay - ok
11:52:49.0089 1772 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
11:52:49.0089 1772 Pml Driver HPZ12 - ok
11:52:49.0105 1772 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:52:49.0120 1772 PNRPAutoReg - ok
11:52:49.0136 1772 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:52:49.0136 1772 PNRPsvc - ok
11:52:49.0198 1772 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:52:49.0198 1772 PolicyAgent - ok
11:52:49.0245 1772 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:52:49.0245 1772 Power - ok
11:52:49.0323 1772 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:52:49.0323 1772 PptpMiniport - ok
11:52:49.0354 1772 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:52:49.0354 1772 Processor - ok
11:52:49.0417 1772 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
11:52:49.0432 1772 ProfSvc - ok
11:52:49.0479 1772 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:52:49.0479 1772 ProtectedStorage - ok
11:52:49.0526 1772 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:52:49.0526 1772 Psched - ok
11:52:49.0635 1772 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:52:49.0666 1772 ql2300 - ok
11:52:49.0900 1772 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:52:49.0900 1772 ql40xx - ok
11:52:49.0932 1772 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:52:49.0932 1772 QWAVE - ok
11:52:49.0947 1772 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:52:49.0947 1772 QWAVEdrv - ok
11:52:49.0947 1772 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:52:49.0947 1772 RasAcd - ok
11:52:49.0978 1772 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:52:49.0978 1772 RasAgileVpn - ok
11:52:50.0010 1772 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:52:50.0010 1772 RasAuto - ok
11:52:50.0056 1772 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:52:50.0056 1772 Rasl2tp - ok
11:52:50.0103 1772 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:52:50.0103 1772 RasMan - ok
11:52:50.0134 1772 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:52:50.0134 1772 RasPppoe - ok
11:52:50.0150 1772 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:52:50.0150 1772 RasSstp - ok
11:52:50.0212 1772 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:52:50.0212 1772 rdbss - ok
11:52:50.0244 1772 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:52:50.0244 1772 rdpbus - ok
11:52:50.0259 1772 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:52:50.0259 1772 RDPCDD - ok
11:52:50.0275 1772 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:52:50.0275 1772 RDPENCDD - ok
11:52:50.0306 1772 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:52:50.0306 1772 RDPREFMP - ok
11:52:50.0368 1772 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
11:52:50.0368 1772 RDPWD - ok
11:52:50.0431 1772 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:52:50.0431 1772 rdyboost - ok
11:52:50.0462 1772 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:52:50.0462 1772 RemoteAccess - ok
11:52:50.0493 1772 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:52:50.0509 1772 RemoteRegistry - ok
11:52:50.0524 1772 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:52:50.0524 1772 RpcEptMapper - ok
11:52:50.0524 1772 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:52:50.0524 1772 RpcLocator - ok
11:52:50.0587 1772 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:52:50.0587 1772 RpcSs - ok
11:52:50.0618 1772 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:52:50.0618 1772 rspndr - ok
11:52:50.0680 1772 rt61x64 (ec7f0030d58886b0fcd3eefb1c51f8e2) C:\Windows\system32\DRIVERS\netr6164.sys
11:52:50.0696 1772 rt61x64 - ok
11:52:50.0712 1772 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:52:50.0727 1772 RTL8167 - ok
11:52:50.0774 1772 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:52:50.0774 1772 SamSs - ok
11:52:50.0836 1772 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:52:50.0836 1772 sbp2port - ok
11:52:51.0008 1772 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
11:52:51.0024 1772 SBSDWSCService - ok
11:52:51.0055 1772 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:52:51.0055 1772 SCardSvr - ok
11:52:51.0117 1772 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:52:51.0117 1772 scfilter - ok
11:52:51.0211 1772 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:52:51.0226 1772 Schedule - ok
11:52:51.0273 1772 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:52:51.0273 1772 SCPolicySvc - ok
11:52:51.0320 1772 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:52:51.0336 1772 SDRSVC - ok
11:52:51.0429 1772 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:52:51.0429 1772 secdrv - ok
11:52:51.0476 1772 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:52:51.0476 1772 seclogon - ok
11:52:51.0523 1772 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:52:51.0523 1772 SENS - ok
11:52:51.0570 1772 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:52:51.0585 1772 SensrSvc - ok
11:52:51.0601 1772 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:52:51.0601 1772 Serenum - ok
11:52:51.0632 1772 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:52:51.0632 1772 Serial - ok
11:52:51.0663 1772 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:52:51.0663 1772 sermouse - ok
11:52:51.0726 1772 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:52:51.0726 1772 SessionEnv - ok
11:52:51.0741 1772 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:52:51.0741 1772 sffdisk - ok
11:52:51.0757 1772 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:52:51.0757 1772 sffp_mmc - ok
11:52:51.0772 1772 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:52:51.0772 1772 sffp_sd - ok
11:52:51.0804 1772 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:52:51.0804 1772 sfloppy - ok
11:52:51.0835 1772 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:52:51.0850 1772 SharedAccess - ok
11:52:51.0928 1772 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:52:51.0928 1772 ShellHWDetection - ok
11:52:51.0975 1772 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:52:51.0975 1772 SiSRaid2 - ok
11:52:51.0991 1772 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:52:52.0006 1772 SiSRaid4 - ok
11:52:52.0084 1772 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe
11:52:52.0084 1772 SkypeUpdate - ok
11:52:52.0116 1772 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:52:52.0116 1772 Smb - ok
11:52:52.0162 1772 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:52:52.0162 1772 SNMPTRAP - ok
11:52:52.0178 1772 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:52:52.0178 1772 spldr - ok
11:52:52.0256 1772 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:52:52.0256 1772 Spooler - ok
11:52:52.0412 1772 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:52:52.0474 1772 sppsvc - ok
11:52:52.0552 1772 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:52:52.0552 1772 sppuinotify - ok
11:52:52.0958 1772 sptd (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\System32\Drivers\sptd.sys
11:52:52.0974 1772 sptd - ok
11:52:53.0036 1772 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:52:53.0036 1772 srv - ok
11:52:53.0067 1772 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:52:53.0067 1772 srv2 - ok
11:52:53.0083 1772 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:52:53.0083 1772 srvnet - ok
11:52:53.0114 1772 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:52:53.0114 1772 SSDPSRV - ok
11:52:53.0130 1772 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:52:53.0130 1772 SstpSvc - ok
11:52:53.0192 1772 Steam Client Service - ok
11:52:53.0239 1772 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:52:53.0239 1772 stexstor - ok
11:52:53.0301 1772 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:52:53.0317 1772 stisvc - ok
11:52:53.0364 1772 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:52:53.0364 1772 swenum - ok
11:52:53.0395 1772 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:52:53.0410 1772 swprv - ok
11:52:53.0535 1772 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:52:53.0566 1772 SysMain - ok
11:52:53.0676 1772 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:52:53.0676 1772 TabletInputService - ok
11:52:54.0222 1772 TabletServiceWacom (c0255d8e3abe790694927624603f8f10) C:\Windows\system32\Wacom_Tablet.exe
11:52:54.0346 1772 TabletServiceWacom - ok
11:52:54.0487 1772 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:52:54.0487 1772 TapiSrv - ok
11:52:54.0518 1772 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:52:54.0518 1772 TBS - ok
11:52:54.0643 1772 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:52:54.0658 1772 Tcpip - ok
11:52:54.0814 1772 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:52:54.0830 1772 TCPIP6 - ok
11:52:54.0939 1772 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:52:54.0939 1772 tcpipreg - ok
11:52:54.0955 1772 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:52:54.0970 1772 TDPIPE - ok
11:52:55.0002 1772 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:52:55.0002 1772 TDTCP - ok
11:52:55.0033 1772 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:52:55.0033 1772 tdx - ok
11:52:55.0064 1772 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:52:55.0064 1772 TermDD - ok
11:52:55.0142 1772 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:52:55.0158 1772 TermService - ok
11:52:55.0173 1772 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:52:55.0173 1772 Themes - ok
11:52:55.0204 1772 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:52:55.0204 1772 THREADORDER - ok
11:52:55.0204 1772 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:52:55.0236 1772 TrkWks - ok
11:52:55.0314 1772 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:52:55.0314 1772 TrustedInstaller - ok
11:52:55.0360 1772 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:52:55.0360 1772 tssecsrv - ok
11:52:55.0407 1772 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:52:55.0407 1772 TsUsbFlt - ok
11:52:55.0501 1772 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:52:55.0501 1772 tunnel - ok
11:52:55.0532 1772 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:52:55.0532 1772 uagp35 - ok
11:52:55.0594 1772 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:52:55.0594 1772 udfs - ok
11:52:55.0719 1772 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:52:55.0719 1772 UI0Detect - ok
11:52:55.0750 1772 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:52:55.0750 1772 uliagpkx - ok
11:52:55.0782 1772 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:52:55.0782 1772 umbus - ok
11:52:55.0813 1772 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:52:55.0813 1772 UmPass - ok
11:52:55.0860 1772 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:52:55.0875 1772 upnphost - ok
11:52:55.0922 1772 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
11:52:55.0922 1772 USBAAPL64 - ok
11:52:55.0984 1772 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:52:55.0984 1772 usbaudio - ok
11:52:56.0047 1772 usbbus (c73cb90e6a2ff90fd02451a8dfc6af8a) C:\Windows\system32\DRIVERS\lgx64bus.sys
11:52:56.0047 1772 usbbus - ok
11:52:56.0094 1772 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:52:56.0109 1772 usbccgp - ok
11:52:56.0156 1772 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:52:56.0156 1772 usbcir - ok
11:52:56.0203 1772 UsbDiag (856ce1f23785369bb5a2de0aedad0aa7) C:\Windows\system32\DRIVERS\lgx64diag.sys
11:52:56.0203 1772 UsbDiag - ok
11:52:56.0250 1772 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:52:56.0250 1772 usbehci - ok
11:52:56.0312 1772 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:52:56.0328 1772 usbhub - ok
11:52:56.0390 1772 USBModem (f81055629778d33c9317b32e4d2b58db) C:\Windows\system32\DRIVERS\lgx64modem.sys
11:52:56.0390 1772 USBModem - ok
11:52:56.0421 1772 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
11:52:56.0421 1772 usbohci - ok
11:52:56.0452 1772 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:52:56.0452 1772 usbprint - ok
11:52:56.0499 1772 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:52:56.0499 1772 usbscan - ok
11:52:56.0546 1772 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:52:56.0562 1772 USBSTOR - ok
11:52:56.0593 1772 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
11:52:56.0593 1772 usbuhci - ok
11:52:56.0671 1772 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
11:52:56.0671 1772 usbvideo - ok
11:52:56.0702 1772 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:52:56.0702 1772 UxSms - ok
11:52:56.0749 1772 V0500Dev (78b3efdc12d6e62736001b8249079dd8) C:\Windows\system32\DRIVERS\V0500Vid.sys
11:52:56.0764 1772 V0500Dev - ok
11:52:56.0811 1772 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:52:56.0811 1772 VaultSvc - ok
11:52:56.0874 1772 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:52:56.0874 1772 vdrvroot - ok
11:52:56.0936 1772 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:52:56.0952 1772 vds - ok
11:52:56.0983 1772 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:52:56.0983 1772 vga - ok
11:52:56.0998 1772 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:52:56.0998 1772 VgaSave - ok
11:52:57.0045 1772 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:52:57.0045 1772 vhdmp - ok
11:52:57.0061 1772 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:52:57.0061 1772 viaide - ok
11:52:57.0076 1772 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:52:57.0076 1772 volmgr - ok
11:52:57.0139 1772 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:52:57.0139 1772 volmgrx - ok
11:52:57.0186 1772 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:52:57.0186 1772 volsnap - ok
11:52:57.0232 1772 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:52:57.0232 1772 vsmraid - ok
11:52:57.0342 1772 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:52:57.0357 1772 VSS - ok
11:52:57.0529 1772 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:52:57.0529 1772 vwifibus - ok
11:52:57.0560 1772 VWiFiFlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:52:57.0560 1772 VWiFiFlt - ok
11:52:57.0576 1772 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:52:57.0576 1772 vwifimp - ok
11:52:57.0607 1772 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:52:57.0622 1772 W32Time - ok
11:52:57.0685 1772 wacmoumonitor (37e4600e2cdad3c1a3613a25b97d457c) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
11:52:57.0700 1772 wacmoumonitor - ok
11:52:57.0700 1772 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
11:52:57.0700 1772 wacommousefilter - ok
11:52:57.0732 1772 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:52:57.0732 1772 WacomPen - ok
11:52:57.0747 1772 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
11:52:57.0747 1772 wacomvhid - ok
11:52:57.0794 1772 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:52:57.0810 1772 WANARP - ok
11:52:57.0810 1772 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:52:57.0810 1772 Wanarpv6 - ok
11:52:57.0888 1772 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:52:57.0903 1772 WatAdminSvc - ok
11:52:57.0997 1772 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:52:58.0012 1772 wbengine - ok
11:52:58.0122 1772 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:52:58.0137 1772 WbioSrvc - ok
11:52:58.0184 1772 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:52:58.0200 1772 wcncsvc - ok
11:52:58.0215 1772 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:52:58.0215 1772 WcsPlugInService - ok
11:52:58.0278 1772 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:52:58.0278 1772 Wd - ok
11:52:58.0309 1772 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:52:58.0324 1772 Wdf01000 - ok
11:52:58.0356 1772 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:52:58.0356 1772 WdiServiceHost - ok
11:52:58.0356 1772 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:52:58.0356 1772 WdiSystemHost - ok
11:52:58.0418 1772 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:52:58.0418 1772 WebClient - ok
11:52:58.0434 1772 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:52:58.0449 1772 Wecsvc - ok
11:52:58.0449 1772 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:52:58.0465 1772 wercplsupport - ok
11:52:58.0480 1772 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:52:58.0480 1772 WerSvc - ok
11:52:58.0543 1772 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:52:58.0543 1772 WfpLwf - ok
11:52:58.0558 1772 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:52:58.0558 1772 WIMMount - ok
11:52:58.0605 1772 WinDefend - ok
11:52:58.0621 1772 WinHttpAutoProxySvc - ok
11:52:58.0652 1772 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:52:58.0652 1772 Winmgmt - ok
11:52:58.0792 1772 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:52:58.0824 1772 WinRM - ok
11:52:58.0948 1772 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:52:58.0948 1772 WinUsb - ok
11:52:59.0011 1772 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:52:59.0026 1772 Wlansvc - ok
11:52:59.0120 1772 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:52:59.0120 1772 wlcrasvc - ok
11:52:59.0260 1772 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:52:59.0276 1772 wlidsvc - ok
11:52:59.0416 1772 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:52:59.0416 1772 WmiAcpi - ok
11:52:59.0463 1772 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:52:59.0463 1772 wmiApSrv - ok
11:52:59.0526 1772 WMPNetworkSvc - ok
11:52:59.0557 1772 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:52:59.0572 1772 WPCSvc - ok
11:52:59.0604 1772 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:52:59.0604 1772 WPDBusEnum - ok
11:52:59.0650 1772 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:52:59.0650 1772 ws2ifsl - ok
11:52:59.0682 1772 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:52:59.0682 1772 wscsvc - ok
11:52:59.0697 1772 WSearch - ok
11:52:59.0822 1772 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
11:52:59.0838 1772 wuauserv - ok
11:52:59.0994 1772 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:52:59.0994 1772 WudfPf - ok
11:53:00.0025 1772 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:53:00.0025 1772 WUDFRd - ok
11:53:00.0072 1772 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:53:00.0072 1772 wudfsvc - ok
11:53:00.0103 1772 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:53:00.0118 1772 WwanSvc - ok
11:53:00.0274 1772 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
11:53:00.0274 1772 YahooAUService - ok
11:53:00.0306 1772 MBR (0x1B8) (71aa491c2fc6871ffb5dfba6855b8c52) \Device\Harddisk0\DR0
11:53:00.0446 1772 \Device\Harddisk0\DR0 - ok
11:53:00.0462 1772 Boot (0x1200) (c42c847e1ea7803f470c3a0ed5247cf2) \Device\Harddisk0\DR0\Partition0
11:53:00.0462 1772 \Device\Harddisk0\DR0\Partition0 - ok
11:53:00.0462 1772 Boot (0x1200) (9fd7a805e2b451664799559095426728) \Device\Harddisk0\DR0\Partition1
11:53:00.0462 1772 \Device\Harddisk0\DR0\Partition1 - ok
11:53:00.0508 1772 Boot (0x1200) (dfb0ddbc3b58001a34d69f923c68a7dc) \Device\Harddisk0\DR0\Partition2
11:53:00.0540 1772 \Device\Harddisk0\DR0\Partition2 - ok
11:53:00.0540 1772 ============================================================
11:53:00.0540 1772 Scan finished
11:53:00.0540 1772 ============================================================
11:53:00.0555 3180 Detected object count: 1
11:53:00.0555 3180 Actual detected object count: 1
11:53:21.0038 3180 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
11:53:21.0038 3180 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

#14 dgamm562

dgamm562
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 20 July 2012 - 02:35 PM

aswMBR Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-20 11:58:32
-----------------------------
11:58:32.809 OS Version: Windows x64 6.1.7601 Service Pack 1
11:58:32.809 Number of processors: 2 586 0x170A
11:58:32.809 ComputerName: DGAMM562 UserName:
11:58:33.370 Initialize success
11:58:33.526 AVAST engine defs: 12072000
11:59:14.024 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:59:14.024 Disk 0 Vendor: Hitachi_HDT721032SLA380 ST2OA39D Size: 305245MB BusType: 3
11:59:14.040 Disk 0 MBR read successfully
11:59:14.040 Disk 0 MBR scan
11:59:14.055 Disk 0 unknown MBR code
11:59:14.071 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:59:14.071 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 294121 MB offset 206848
11:59:14.118 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11022 MB offset 602566656
11:59:14.164 Disk 0 scanning C:\Windows\system32\drivers
11:59:22.152 Service scanning
11:59:48.968 Modules scanning
11:59:48.968 Disk 0 trace - called modules:
11:59:48.999 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
11:59:49.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003374060]
11:59:49.030 3 CLASSPNP.SYS[fffff88001ba243f] -> nt!IofCallDriver -> [0xfffffa80023ddcf0]
11:59:49.030 5 ACPI.sys[fffff88000f007a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002ebe680]
11:59:49.514 AVAST engine scan C:\Windows
11:59:51.776 AVAST engine scan C:\Windows\system32
12:01:10.203 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
12:01:12.216 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
12:01:59.881 AVAST engine scan C:\Windows\system32\drivers
12:02:09.320 AVAST engine scan C:\Users\Dominique Gammage
12:19:15.480 AVAST engine scan C:\ProgramData
12:32:06.301 Scan finished successfully
12:32:45.426 Disk 0 MBR has been saved successfully to "C:\Users\Dominique Gammage\Desktop\MBR.dat"
12:32:45.442 The log file has been saved successfully to "C:\Users\Dominique Gammage\Desktop\aswMBR.txt"

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:10 AM

Posted 20 July 2012 - 08:37 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users